[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Make SASL mechanism negotiation smarter

From: Malcolm Rowe <malcolm-svn-dev_at_farside.org.uk>
Date: 2006-10-11 21:22:39 CEST

On Wed, Oct 11, 2006 at 07:44:11PM +0100, Malcolm Rowe wrote:
> On Wed, Oct 11, 2006 at 09:07:19PM +0300, Vlad Georgescu wrote:
> > - the SASL anonymous plugin doesn't have anything to do with the
> > internal anonymous/cram-md5 auth; it's just a simple implementation of
> > the SASL plugin API; in fact, the old code (located in
> > libsvn_ra_svn/simple_auth.c) isn't even compiled when SASL is
> > detected; both simple_auth.c and sasl_auth.c implement the function
> > svn_ra_svn__do_auth, but in different ways.
> >
>
> Okay. So, sorry if this is a stupid question, but is it therefore not
> possible to compile a SASL-enabled svnserve and point it at a regular
> svnserve password file using svnserve.conf?
>

That seems to be completely incorrect. Sorry for the noise.
Yes, there is an (entirely undocumented; could we fix that?) config
option in the repository's config file to enable SASL for the server
process.

What's happening in _my_ case is that my SASL-aware-but-not-enabled
svnserve is offering up ANONYMOUS, but my SASL-aware svn client is
unable to handle it. The assumption, I guess, is that the SASL library
will _always_ be able to negotiate ANONYMOUS and CRAM-MD5, the
mechanisms that a non-SASL-enabled server returns.

(Incidentally, if I do set up a password file on svnserve, the client
works, because it authenticates via the CRAM-MD5 mech).

Regards,
Malcolm

  • application/pgp-signature attachment: stored
Received on Wed Oct 11 21:22:54 2006

This is an archived mail posted to the Subversion Dev mailing list.